General
-
Target
848ddb1d3a9c1b66feff19e8983e9847_JaffaCakes118
-
Size
300KB
-
Sample
241101-wfeylstclf
-
MD5
848ddb1d3a9c1b66feff19e8983e9847
-
SHA1
ccf9276ee288428cf7b815c8d2eb6297f0cdd261
-
SHA256
f1015362b554cf2833ea917cc36ebbe62678f3ed69b074b3a7e1163a5852d3be
-
SHA512
ce9e06478d82247405aaa587b6d2c9f8b348aa8d57c18dfdf97e9c09efd1b5faf9b751297d644504b378533df225813ed182072f8dab4f0acd99f977850d33fb
-
SSDEEP
6144:Hsaqb9wBQQnbwVG0kqOBF5eSk9SyPg4do+WC:Mpb9wBeG0BOBF5eSk9S+Td7h
Malware Config
Targets
-
-
Target
848ddb1d3a9c1b66feff19e8983e9847_JaffaCakes118
-
Size
300KB
-
MD5
848ddb1d3a9c1b66feff19e8983e9847
-
SHA1
ccf9276ee288428cf7b815c8d2eb6297f0cdd261
-
SHA256
f1015362b554cf2833ea917cc36ebbe62678f3ed69b074b3a7e1163a5852d3be
-
SHA512
ce9e06478d82247405aaa587b6d2c9f8b348aa8d57c18dfdf97e9c09efd1b5faf9b751297d644504b378533df225813ed182072f8dab4f0acd99f977850d33fb
-
SSDEEP
6144:Hsaqb9wBQQnbwVG0kqOBF5eSk9SyPg4do+WC:Mpb9wBeG0BOBF5eSk9S+Td7h
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-